You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@hbase.apache.org by "Sean Busbey (JIRA)" <ji...@apache.org> on 2016/04/13 19:26:25 UTC

[jira] [Resolved] (HBASE-15630) Improve checksum files for releases for easier verification

     [ https://issues.apache.org/jira/browse/HBASE-15630?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Sean Busbey resolved HBASE-15630.
---------------------------------
    Resolution: Information Provided
      Assignee: Elliott Clark

> Improve checksum files for releases for easier verification
> -----------------------------------------------------------
>
>                 Key: HBASE-15630
>                 URL: https://issues.apache.org/jira/browse/HBASE-15630
>             Project: HBase
>          Issue Type: Wish
>    Affects Versions: 1.2.1
>            Reporter: Christopher Tubbs
>            Assignee: Elliott Clark
>            Priority: Trivial
>
> Trying to verify latest release (1.2.1), and I found it a bit inconvenient to parse the *.mds checksum file. The line wrapping, white space, and the general format of the file does not lend itself for easy verification.
> I suggest using the standard "coreutils" format for md5sum, sha*sum, etc., instead: <lowercase-hash><space><asterisk(binary-flag)><filename>
> {code}
> # md5
> 3d66c0dd4f38fa881046fe64dd680a7a *hbase-1.2.1-src.tar.gz
> # sha1
> 3666a4829d9a8d9285173bfa8e8d0ff5423a22d6 *hbase-1.2.1-src.tar.gz
> # rmd160
> #fb318e84b6256492cfb990aec2238a64c2da21ad *hbase-1.2.1-src.tar.gz
> # sha224
> 89d341a55069e4875f9e6859737062fd7a4c11596811731c4ba95ca0 *hbase-1.2.1-src.tar.gz
> # sha256
> e8000a65e98d4c5db7bab54da99a57209fe4ea777ab41e91ae8ccf7bfa2d50dd *hbase-1.2.1-src.tar.gz
> # sha384
> 49aa0620bf0fbe20bbde66cecabb76b22defb9ee609936edc3952889e6484e55c88f1c93d6258a2eaab4a9d5188b6170 *hbase-1.2.1-src.tar.gz
> # sha512
> 28956a35a01ae87e9f733664c52c6fd25f9a60a1ff7047bbf306cd433c2a5b863c9bf05aba1d58792b86eec9943ae00e772c4b76fb81c5d210cf256cd074189b *hbase-1.2.1-src.tar.gz
> {code}
> (comment lines added for humans, but ignored by tools; commented out rmd160, because not a coreutils supported algorithm; binary flag optional, could use another space instead... probably only matters for some dos tools)
> This makes it very easy to verify multiple files and hashes using: {{shasum -c file.mds}} or {{sha1sum -c file.mds}} or {{md5sum -c file.mds}}.
> In addition to the file format change, I suggest these two additional changes:
> 1. Drop rmd160. It's not nearly as popular as the others, and it doesn't lend itself to easy verification (no coreutils equivalent command like md5sum, sha1sum, etc.)
> 2. Concatenate hashes from all files into a single file. This makes it easier to verify all downloads at once.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)